When you are hosting private code, for instance for a reusable component, on Gitlab you will not be able to clone it unless you have access or are authenticated with the GitLab backend and are authorised to the repository.
Access tokens are a great way to allow an alternative way to clone or add your project as a dependency to a parent project. For example you can use tokens as part of your Continuous Integration pipeline to build, test and deploy your project.
If you add a project in your composer.json ( composer is the de facto package manager most used in PHP) , such as
composer.phar require "bizmate/my-private-package:2.*"You will see something like
Could not fetch https://gitlab.com/api/v4/projects/bizmate%2Fmy-private-package/repository/archive.zip?sha=..., enter your gitlab.com credentials to access private repos A token will be created and stored in "/home/composer/.composer/auth.json", your password will never be stored To revoke access to this token you can visit gitlab.com/profile/applications Username: Password: Bad credentials. You can also manually create a personal token at https://gitlab.com/profile/personal_access_tokens Add it using "composer config --global --auth gitlab-token.gitlab.com <token>"
Using username and password credentials is not a great approach as they are critical information and also because if you have 2FA enabled it might not work.
The only stable solution is to create a Personal Access Token and set it up in the Composer configuration so that composer can build the correct links to clone git repositories from GitLab by adding the right token to the URL.
Inspect your configuration within composer with command
$ composer config --list #or $ composer config --global --list
to fetch the global configuration. To set up the right configuration you can run
composer config --global gitlab-token.gitlab.com a______________________a
again the –global option is present to set it up in the system wide configuration of your PC.
